
PowerShell Active Directory Automation

📅 July 04, 2026
ADVANCED
⏱ 12 min read
Key Facts
  • PowerShell ActiveDirectory module provides cmdlets for user, group, and OU management
  • Bulk operations reduce manual admin time from hours to minutes
  • Password policies enforce complexity and prevent reuse across 1000s of users
  • Import-Csv enables batch operations from Excel or CSV files

Bulk User Creation from CSV

Create 100 users in minutes instead of hours. The CSV file provides the data (one row per user with FirstName, LastName, Username, Password and Department columns) and PowerShell automates the rest:

# Import-Users.ps1
Import-Module ActiveDirectory

# Expected CSV columns: FirstName, LastName, Username, Password, Department
$csvPath = "C:\users\newusers.csv"
$users = Import-Csv $csvPath

foreach ($user in $users) {
  $displayName = "{0} {1}" -f $user.FirstName, $user.LastName

  # Create the account; the initial password is read from the CSV in plain text
  New-ADUser -Name $displayName `
    -GivenName $user.FirstName `
    -Surname $user.LastName `
    -SamAccountName $user.Username `
    -UserPrincipalName "$($user.Username)@example.com" `
    -Path "OU=Users,DC=example,DC=com" `
    -AccountPassword (ConvertTo-SecureString $user.Password -AsPlainText -Force) `
    -Enabled $true

  # The Department value must match the name of an existing AD group
  Add-ADGroupMember -Identity $user.Department -Members $user.Username
  Write-Host "Created user: $displayName"
}

Password Management & Security

Enforce strong passwords and reset policies at scale:

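# Reset password for all users in IT department
Import-Module ActiveDirectory
# GeneratePassword lives in System.Web (.NET Framework, i.e. Windows PowerShell 5.1)
Add-Type -AssemblyName System.Web

# -Recursive flattens nested groups; keep only user objects (computers can be members too)
$itUsers = Get-ADGroupMember -Identity "IT" -Recursive | Where-Object { $_.objectClass -eq 'user' }

foreach ($user in $itUsers) {
  # 16 characters, at least 3 of them non-alphanumeric
  $newPassword = [System.Web.Security.Membership]::GeneratePassword(16, 3)
  Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString $newPassword -AsPlainText -Force) -Reset

  # Send password to user (not shown for security)
  Write-Host "Reset password for $($user.SamAccountName)"
}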
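
A hardened variant of the bulk-creation script, which also replaces the password generator used in the reset loop. This is an added example, not code from the original page. It drops the Password column from the CSV, generates each initial password with a cryptographic random number generator, and forces a change at first logon. The helper name New-RandomPassword and its character sets are assumptions made for illustration.

```powershell
# Added example (not the page's script): Import-Users.ps1 without a Password column.
#Requires -Modules ActiveDirectory
param([string]$CsvPath = 'C:\users\newusers.csv')

function New-RandomPassword {   # hypothetical helper; runs on Windows PowerShell 5.1 and 7+
  param([int]$Length = 16)
  # Constructed character sets without look-alikes (I, O, l, 0, 1)
  $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%*+-=?@'
  $all  = -join $sets
  $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
  $buf  = [byte[]]::new(4)
  # 32 random bits per character keep the modulo bias negligible
  $pick = { $rng.GetBytes($buf); $all[[int]([BitConverter]::ToUInt32($buf, 0) % $all.Length)] }
  do {   # redraw until every character class is present
    $pw = -join (1..$Length | ForEach-Object { & $pick })
  } until (@($sets | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -lt 0 }).Count -eq 0)
  $rng.Dispose()
  $pw
}

foreach ($row in Import-Csv $CsvPath) {
  # sAMAccountName: at most 20 characters; the allow-list also keeps quotes out of -Filter
  if ($row.Username -notmatch '^[A-Za-z0-9._-]{1,20}$') {
    Write-Warning "Skipping row: invalid Username '$($row.Username)'"; continue
  }
  if (Get-ADUser -Filter "SamAccountName -eq '$($row.Username)'") {
    Write-Warning "Skipping $($row.Username): account already exists"; continue
  }
  $plain  = New-RandomPassword
  $params = @{
    Name                  = ('{0} {1}' -f $row.FirstName, $row.LastName)
    GivenName             = $row.FirstName
    Surname               = $row.LastName
    SamAccountName        = $row.Username
    UserPrincipalName     = "$($row.Username)@example.com"
    Path                  = 'OU=Users,DC=example,DC=com'
    AccountPassword       = (ConvertTo-SecureString $plain -AsPlainText -Force)
    ChangePasswordAtLogon = $true   # the issued value is single-use
    Enabled               = $true
    ErrorAction           = 'Stop'
  }
  try { New-ADUser @params } catch { Write-Warning "Create failed for $($row.Username): $_"; continue }
  try { Add-ADGroupMember -Identity $row.Department -Members $row.Username -ErrorAction Stop }
  catch { Write-Warning "Group '$($row.Department)' not updated for $($row.Username): $_" }
  # Emit to the pipeline for delivery; nothing is written to disk or the console
  [pscustomobject]@{ Username = $row.Username; InitialPassword = $plain }
}
```

Pipe the emitted objects into whatever delivery channel is used for initial credentials, and keep transcript logging in mind because pipeline output shown on screen ends up in the transcript.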

Key Takeaways

  • Use Get-ADUser, New-ADUser, Set-ADUser for user management
  • Import-Csv enables bulk operations from files
  • Automate group membership with Add-ADGroupMember
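  • Pass passwords to the AD cmdlets as SecureString values created with ConvertTo-SecureString; the conversion does not protect a password that already sits in plain text in a CSV file or script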